Fortinet Releases its Threatscape Report for September 2009

Fortinet, which recently released its "September 2009 Threatscape Report", says that the month saw cyber criminals employing scare tactics to influence and exploit Internet users. Scareware programs have remained strong since the first wave of such malware in September 2008, as reported by Ingate on October 7, 2009.

The report says that Internet fraudsters targeted end-users with malicious campaigns, which included e-mail attacks, fake software and other botnet downloads. Their objective was to frighten consumers into divulging credit card and banking information that could be used to commit identity and/or financial fraud.

Derek Manky, Project Manager of Threat Research and Cyber Security, Fortinet, said that scareware has been constantly growing over the months, as reported by Ingate on October 7, 2009. However, cyber criminals would keep using well-known get-rich-quick campaigns to mine end-users until they have to find other methods of exploitation. He therefore advises Internet users to remain alert and not yield to offers that sound too good to be true, as they could be fake.

During September 2009, several critical computer flaws were disclosed, along with a high number of exploits that targeted known security flaws.

According to the report, the Bredolab (W32/Bredo.G) scareware has existed for one year and is still going as strong as it was at its first wave last September (2008). Recently, variants of Bredolab were distributed via bulk e-mails that delivered bogus courier invoices; opening them resulted in the system being added to a botnet.

In addition, ZBot was very active during September 2009, sending out specialized-looking, too-good-to-be-true employment ads that asked recipients to furnish their bank account particulars in order to process payments.

Lastly, there were also several zero-day attacks. One new vulnerability that allowed remote code execution and caused disruption during September 2009 was in Microsoft Server Message Block (SMB2), CVE-2009-3103, whose exploit activity, though low, increased steadily. Another remote code execution vulnerability active during September was in the Microsoft IIS FTP Service, CVE-2009-3023. Additionally, activity levels were rising for Adobe Flash/Reader, CVE-2009-1862.